Yet Another Related Posts Plugin (YARPP) 4.2.4 - CSRF / XSS / RCE

Description

'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed javascript code which can lead to code execution/administrator actions when the injected code is triggered by an admin user.

Copyright & License

Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.